Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,456
"UNC4210 re-registered at least three expired ANDROMEDA command-and-control (C2) domains and began profiling victims to selectively deploy KOPILUWAK and QUIETCANARY in September 2022," Mandiant researchers said in an analysis published last week.
In July 2022, Google's Threat Analysis Group (TAG) revealed that Turla created a malicious Android app to supposedly "help" pro-Ukrainian hacktivists launch distributed denial-of-service (DDoS) attacks against Russian sites.

The latest discovery from Mandiant shows that Turla has been stealthily co-opting older infections as a malware distribution mechanism, not to mention taking advantage of the fact that ANDROMEDA spreads via infected USB keys. "USB spreading malware continues to be a useful vector to gain initial access into organizations,"
"As older ANDROMEDA malware continues to spread from compromised USB devices, these re-registered domains pose a risk as new threat actors can take control and deliver new malware to victims," the researchers said. "This novel technique of claiming expired domains used by widely distributed, financially motivated malware can enable follow-on compromises at a wide array of entities. Further, older malware and infrastructure may be more likely to be overlooked by defenders triaging a wide variety of alerts."
Same source as OP shared.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top